Microsoft has published an advisory regarding a buffer overflow vulnerability in the Windows RPC service. The RPC service provides remote procedure calls between objects executing on two remote machines running the Windows operating system.
An attacker can exploit this vulnerability by crafting a specially malformed RPC packet and sending it to a vulnerable server. The attacker needs access to the vulnerable server's RPC interface, which is located at port 135.
A malicious attacker may use this vulnerability to execute code of his choice on the victim machine. Since the RPC service executes with SYSTEM privileges, an attacker executing code as the result of this attack can fully compromise the vulnerable server.
Entercept provides patented protection against code execution as a result of buffer overflows and prevents the exploitation of the RPC Interface buffer overflow vulnerability.
Windows NT 4.0 - All service packs
Windows 2000 - All service packs
In order to best counter this threat, Entercept suggests following its recommended Security Best Practices, including:
2. Block port 135 when RPC service is not required
3. Deploy Entercept Standard Edition on all critical servers.
About Entercept Security Technologies
Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks. Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2001 Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List', SC Magazine's 'Best Pick of the Year 2000 and 2001', InfoWorld magazine's 'Business Impact of the Year Award', and InfoWorld magazine's Readers Choice 'Security Product of the Year'. www.entercept.com
The information provided is identified, assessed and measured by the Entercept Ricochet security research team, a leading group of security experts dedicated to collecting and evaluating intelligence against server threats.